Hello
Welcome to the Microsoft Q&A and thank you for posting your questions here.
I understand that you would like to update Web App SQL Connection string.
Regarding your questions:
If I updated this value to use the new connection string (with Private endpoint), then do you think this is enough?
That might not be enough; you would need to verify or follow the standards below:
- Verify Environment Variable Update
- Verify Externalized Configurations
- Verify Database Connectivity & Authentication
- Monitor and Fix New Issues
- Restart Application and Verify
If you follow these steps, you might have no issue.
Is there any possibility that they hard-coded the SQL connection string in the code?
Yes, it is possible. This is what you need to do: Search for Hard-Coded Connection Strings Proactively by performing:
- Manual Code Review: you will need to search for files where database connections are established (e.g., appsettings.json, .env, .cs, .java, .py, .js files).
- Automated Search Using Code Scanning Tools:
- For Linux/macOS:
grep -Ril "Server=" /path/to/codebase
grep -Ril "Data Source=" /path/to/codebase
- For Windows:
findstr /sim /c:"Server=" *.*
findstr /sim /c:"Data Source=" *.*
- Use Static Analysis Tools: run SonarQube or GitHub Secret Scanning to detect hard-coded credentials.
- Search for Encoded Secrets: if credentials are stored as base64, search for:
grep -Ril "c2VydmVy" /path/to/codebase # "server" encoded in base64
If yes, is there any way to proactively find it?
Follow the steps as stated above on what to do.
You can use the below resources to read more and find hard-coded and other issues:
- Connectivity with Azure SQL Database - https://learn.microsoft.com/en-us/azure/azure-sql/database/security-best-practice
- Managing Connection Strings in Azure App Services - https://learn.microsoft.com/en-us/azure/app-service/configure-common
- Hardcoded Connection String Detection - https://codeql.github.com/codeql-query-help/csharp/cs-hardcoded-connection-string-credentials/
- CWE-798: Use of Hard-Coded Credentials - https://cwe.mitre.org/data/definitions/798.html
I hope this is helpful! Do not hesitate to let me know if you have any other questions.
Please don't forget to close the thread by upvoting and accepting this as the answer if it is helpful.
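As an added example (not part of this answer, and not a Microsoft tool), the script below does in one pass what the grep and base64 steps above do separately: it walks a source tree, reports lines containing typical SQL connection-string keywords, decodes every base64-looking token and checks the plaintext too (so an encoded string is caught at any alignment, not only when it begins with the fixed token "c2VydmVy"), and masks the password value before reporting so the findings themselves do not leak it. The file names, the hostname db.example.invalid and the password hunter2 in the demo are constructed sample data.

```python
"""Scan a source tree for hard-coded SQL connection strings (added example)."""
import base64
import json
import re
import tempfile
from pathlib import Path

# Keywords that typically appear in ADO.NET / ODBC style SQL connection strings.
CONN_KEYWORDS = ("Server=", "Data Source=", "Initial Catalog=", "User ID=", "Password=")
CONN_RE = re.compile("|".join(re.escape(k) for k in CONN_KEYWORDS), re.IGNORECASE)

# Runs of 16+ base64 characters with optional padding; shorter words are ignored.
B64_RE = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")

# Used to mask the password value before a finding is reported.
PASSWORD_RE = re.compile(r"(password|pwd)\s*=\s*[^;\"']+", re.IGNORECASE)

# File types the answer lists (appsettings.json, .env, .cs, .java, .py, .js) plus common config formats.
SCAN_SUFFIXES = {".json", ".cs", ".java", ".py", ".js", ".config", ".xml", ".yml", ".yaml", ".txt"}


def redact(text):
    """Replace the value after Password=/Pwd= with *** so reports don't leak it."""
    return PASSWORD_RE.sub(lambda m: m.group(0).split("=", 1)[0] + "=***", text)


def decode_base64_tokens(line):
    """Yield (token, plaintext) for tokens that are valid base64 and decode to printable text."""
    for match in B64_RE.finditer(line):
        token = match.group(0)
        core = token.rstrip("=")
        try:
            raw = base64.b64decode(core + "=" * (-len(core) % 4), validate=True)
            text = raw.decode("utf-8")
        except ValueError:  # binascii.Error and UnicodeDecodeError both subclass ValueError
            continue
        if text.isprintable():
            yield token, text


def scan_line(line):
    """Return [(kind, evidence)] findings for a single line of source."""
    findings = []
    if CONN_RE.search(line):
        findings.append(("plaintext", redact(line.strip())))
    for token, text in decode_base64_tokens(line):
        if CONN_RE.search(text):
            findings.append(("base64", token[:12] + "... -> " + redact(text)))
    return findings


def scan_tree(root):
    """Walk root and return [(path, lineno, kind, evidence)] for every hit."""
    results = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        # Path(".env").suffix is empty, so dotenv files are matched by name.
        if path.suffix.lower() not in SCAN_SUFFIXES and not path.name.startswith(".env"):
            continue
        text = path.read_text(encoding="utf-8", errors="ignore")
        for lineno, line in enumerate(text.splitlines(), start=1):
            for kind, evidence in scan_line(line):
                results.append((str(path), lineno, kind, evidence))
    return results


def demo():
    """Scan a constructed sample tree: one plaintext hit, one base64 hit, one clean file."""
    # Constructed sample connection string; host and password are placeholders.
    conn = "Server=tcp:db.example.invalid,1433;Initial Catalog=app;User ID=app;Password=hunter2"
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "appsettings.json").write_text(json.dumps({"ConnectionStrings": {"Default": conn}}) + "\n")
        encoded = base64.b64encode(conn.encode()).decode()
        (root / "Db.cs").write_text('var connection = "' + encoded + '";\n')
        (root / "clean.py").write_text("import os\nconn = os.environ['SQL_CONN']\n")
        return scan_tree(root)


if __name__ == "__main__":
    for path, lineno, kind, evidence in demo():
        print(f"{path}:{lineno} [{kind}] {evidence}")
```

Run it against a real checkout by calling scan_tree("/path/to/codebase") instead of demo(); every reported line is a candidate to move into App Service connection-string settings or Key Vault, after which re-running the scan confirms the tree is clean.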